From f32fd2d56ddf6f848b5fe2139376d852a3af70bc Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Thu, 23 Jun 2016 13:36:31 -0400
Subject: [PATCH] kdc: fix AD -> Heimdal x-realm trusts again

The HDB_F_ALL_KVNOS flag is not getting set in _kdc_db_fetch() if
kvno_ptr == NULL.  Fix the conditional to ensure that one of
HDB_F_ALL_KVNOS or HDB_F_KVNO_SPECIFIED is set in the flags field.

Prior to this change cross-realm TGS_REQ failed with KRB5_GENERIC_ERROR
and e-text "encryption key has bad length".  With this change, the
cross-realm TGS_REQ succeeds.

Change-Id: I4216137a192032544dfbdada12b5c377603ca4b6
---
 kdc/misc.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/kdc/misc.c b/kdc/misc.c
index 62b1c356b..72acc32d7 100644
--- a/kdc/misc.c
+++ b/kdc/misc.c
@@ -53,13 +53,11 @@ _kdc_db_fetch(krb5_context context,
 
     *h = NULL;
 
-    if (kvno_ptr != NULL) {
-	if (*kvno_ptr != 0) {
-	    kvno = *kvno_ptr;
-	    flags |= HDB_F_KVNO_SPECIFIED;
-	} else {
-	    flags |= HDB_F_ALL_KVNOS;
-	}
+    if (kvno_ptr != NULL && *kvno_ptr != 0) {
+	kvno = *kvno_ptr;
+	flags |= HDB_F_KVNO_SPECIFIED;
+    } else {
+	flags |= HDB_F_ALL_KVNOS;
     }
 
     ent = calloc(1, sizeof (*ent));